Senior Penetration Tester / Red Team Expert (f, m, d)
LET’S TALK ABOUT YOU
Your profile
- A minimum of a Bachelor’s degree in Information Technology, Computer Science, Engineering or a related field. A specialization in cybersecurity is a plus.
- More than three years of experience in hands-on penetration testing or red team engagements.
- Experience with current attack methods, manual penetration testing methods, and hacking tools (Nessus, Nmap, Metasploit, Kali Linux, IDA Pro, Burp Suite Pro) as a starting point for intensive manual security tests and self-developed testing tools.
- The ability to present and explain complex technical topics to both management personnel and technical experts.
- Experience in analyzing rich clients (Java, .NET, binary) and their techniques, such as debugging, API hooking, and exploit generation, as well as in hardware hacking (JTAG, internal bus systems) is a plus.
- Proficiency in programming languages such as C/C++, Java, .NET, Python, and manual source code spot checks as well as domain know-how in Energy Technologies (PLC/SCADA) is a plus.
- As you act in an international environment, you bring fluent English language skills (including security terminology) both verbal and written; proficiency in German is a plus.
- Certifications like OSCP, CEH, CISSP, CISA, CISM preferred but not required.
- Background knowledge in organizational information (ISO/IEC 27001 / IEC 62443).
Your Responsibilities
- In your new role, you assess IT & OT infrastructures as well as products, solutions, and services with tool-based and manual penetration test & red team methods (products, solutions, services, IoT & embedded devices, web technologies, rich clients, SAP, networks & network devices, security devices & technologies, protocols, source code spot checks, binary reversing, fuzzing, & DDoS attacks).
- You find new vulnerabilities that trigger business worst-case scenarios, rate their risk level according to CVSS, and prove their relevance with exploit scripts (including SCADA, PLCs).
- Additionally, you check compliance of security settings with international standards (patch status, secure configuration).
- You explain vulnerabilities and their impact to technical experts as well as to management, and perform root-cause analysis and lessons learned with developers and architects.
- You coach architects, developers, system integrators, administrators and service personnel early during product and solution development as well as procurement to improve security sustainably. Moreover, you coach working students.
- You perform penetration tests on customer networks and solutions.
Your opportunities for personal growth
- Working in an international team with all internal divisions and functions, gaining an excellent overview of the complete company
- Taking functional responsibility for a team within the assessment and support projects
LET’S TALK ABOUT US
"Let’s make tomorrow different today" is our genuine commitment at Siemens Energy to all customers and employees on the way to a sustainable future.
In our Business Functions we enable our organization to reach its targets by providing best-in-class services and solutions in the areas of IT, HR, Finance, Real Estate, Strategy & Technology and more.
Our department Assurance and Resilience Management is responsible for 2nd Line of Defense activities challenging and supporting the business to become cybersecurity resilient as well as the technical and non-technical Cybersecurity assessment (Red Team, process assessments).
MORE INSIGHTS
Be Energized. Be you.
Lucky for us, we are not all the same. Through diversity we generate power. We run on inclusion and compassion. Our combined creative energy is fueled by at least 130 nationalities. Siemens Energy celebrates character - no matter what ethnic background, gender, age, religion, identity, or disability. We energize society. All of society.
Jobs & Careers: https://www.siemens-energy.com/global/en/company/jobs.html